[Bug 2069232] [NEW] Missing measurements on confidential computing platforms (Intel TDX)

Hector CAO 2069232 at bugs.launchpad.net
Thu Jun 13 00:17:48 UTC 2024 

Public bug reported:

When we run a Confidential VM with grub bootlodaer on Intel TDX
platform, the module tpm is not loaded and boot measurements are not
done for the guest VM.

This bug will prevent grub of doing measurements on confidential computing platform
(the bug has been confirmed on Intel TDX). This lack of measurements will break the
remote attestation

See upstream bug : https://savannah.gnu.org/bugs/?65821

Upstream fix :
https://git.savannah.gnu.org/cgit/grub.git/commit/?id=86df79275d065d87f4de5c97e456973e8b4a649c

** Affects: grub
     Importance: Unknown
         Status: Unknown

** Affects: kobuk
     Importance: Medium
     Assignee: Hector CAO (hectorcao)
         Status: Confirmed

** Affects: grub2 (Ubuntu)
     Importance: Undecided
     Assignee: Hector CAO (hectorcao)
         Status: Confirmed

** Changed in: grub2 (Ubuntu)
       Status: New => Confirmed

** Changed in: grub2 (Ubuntu)
     Assignee: (unassigned) => Hector CAO (hectorcao)

** Bug watch added: GNU Savannah Bug Tracker #65821
   http://savannah.gnu.org/bugs/?65821

** Also affects: grub via
   http://savannah.gnu.org/bugs/?65821
   Importance: Unknown
       Status: Unknown

** Also affects: kobuk
   Importance: Undecided
       Status: New

** Changed in: kobuk
       Status: New => Confirmed

** Changed in: kobuk
   Importance: Undecided => Medium

** Changed in: kobuk
     Assignee: (unassigned) => Hector CAO (hectorcao)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/2069232

Title:
  Missing measurements on confidential computing platforms (Intel TDX)

Status in grub:
  Unknown
Status in The Kobuk project:
  Confirmed
Status in grub2 package in Ubuntu:
  Confirmed

Bug description:
  When we run a Confidential VM with grub bootlodaer on Intel TDX
  platform, the module tpm is not loaded and boot measurements are not
  done for the guest VM.

  This bug will prevent grub of doing measurements on confidential computing platform
  (the bug has been confirmed on Intel TDX). This lack of measurements will break the
  remote attestation

  See upstream bug : https://savannah.gnu.org/bugs/?65821

  Upstream fix :
  https://git.savannah.gnu.org/cgit/grub.git/commit/?id=86df79275d065d87f4de5c97e456973e8b4a649c

To manage notifications about this bug go to:
https://bugs.launchpad.net/grub/+bug/2069232/+subscriptions

More information about the foundations-bugs mailing list